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CLAIMS 

Claims 6-30 remain in the application. No claims have been amended, canceled 
or added. 

Listing of Claims: 

1-5. (Canceled). 

6. (Currently Amended) A network device comprising: 
at least one processor; 

memory; 
I/O; and 

at least one virtual network machin e router in the memory, said at least one first 
virtual network machin e router including a first network interface; 
a first sub-interface data structure in the memory; and 

a first binding data structure in the memory which binds the first network interface 
to the first sub-interface data structure. 

7. (Original) The network device of claim 6 wherein, 

the first network interface is a layer 3 network interface; 

the first sub-interface data structure is a layer 2 interface data structure; and 
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the first binding data structure is layer 2/3 binding structure which binds the first 
layer 3 network interface to the layer 2 interface data structure. 

8. (Currently Amended) An electronic memory encoded with: 

at least one virtual network machine router , said at least one first virtual n e twork 
machin e router including a first network interface; 
a first sub-interface data structure; and 

a first binding data structure which binds the first network interface to the first 
sub-interface data structure. 

9. (Original) The electronic memory of claim 8 wherein: 
the first network interface is a layer 3 network interface; 

the first sub-interface data structure is a layer 2 interface data structure; and 
the first binding data structure is a layer 2/3 binding data structure which binds the 
first layer 3 interface to the first layer 2 interface data structure. 

10. (Currently Amended) A method of creating a link in at least one network domain 
comprising: 

providing a network device including an electronic memory encoded with at least 
one virtual network machine router which includes at least one network interface; 

providing at least one sub-interface data structure encoded in the electronic 
memory; and 
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binding the at least one network interface to the at least one sub-interface data 
structure. 

1 1 . (Original) The method of claim 10 wherein binding includes creating a binding 
data structure that binds the at least one network interface to the at least one sub-interface 
data structure. 

12. (Original) The method of claim 10 further comprising: 

providing at least one other network interface encoded in the electronic memory; 
and 

binding the at least one other network interface to the at least one sub-interface 
data structure. 

13. (Original) The method of claim 12 further including: 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure. 

14. (Original) The method of claim 10 further comprising: 

providing at least one other sub-interface data structure encoded in the electronic 
memory; and 

binding the at least one network interface to the at least one other sub-interface 
data structure. 
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15. (Original) The method of claim 14 further including: 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure. 

1 6. (Original) The method of claim 1 0, 

wherein binding the at least one network interface to the at least one sub-interface 
data structure includes creating a binding data structure that binds the at least one network 
interface to the at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

binding the at least one other network interface to the at least one sub-interface 
data structure; 

wherein binding the at least one other network interface to the at least one sub- 
interface data structure includes creating a binding data structure that binds the at least 
one other network interface to the at least one sub-interface data structure; and 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure while leaving the at least one network interface intact. 

17. (Original) The method of claim 10, 

wherein binding the at least one network interface to the at least one sub-interface 
data structure includes creating a binding data structure that binds the at least one network 
interface to the at least one sub-interface data structure; and further including: 
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providing at least one other network interface encoded in the electronic memory; 
providing the at least one other sub-interface data structure encoded in electronic 
memory; 

binding the at least one other network interface to the at least one other sub- 
interface data structure; 

wherein binding the at least one network interface to the at least one other sub- 
interface data structure includes creating a binding data structure that binds the at least 
one network interface to the at least one other sub-interface data structure; 

binding the at least one other network interface to the at least one other sub- 
interface data structure; 

wherein binding the at least one other network interface to the at least one other 
sub-interface data structure includes creating a binding data structure that binds the at 
least one other network interface to the at least one other sub-interface data structure; 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure while leaving the at least one network interface intact. 

18. (Currently Amended) A method of creating a link in a network domain 
comprising: 

providing a network device including an electronic memory encoded with a first 
virtual network machin e router which includes at least one first network interface and 
with a second virtual network machin e router which includes at least one second network 
interface; 
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providing at least one first sub-interface data structure encoded in the electronic 
memory; 

providing at least one second sub-interface data structure encoded in the electronic 
memory; 

binding the at least one first network interface to the at least one first sub-interface 
data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure. 

19. (Original) The method of claim 18 wherein, 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure. 

20 (Original) The method of claim 18 further including: 

binding the at least one second network interface to the at least one first sub- 
interface data structure; and 

eliminating the binding of the at least one second network interface to the at least 
one second sub-interface data structure. 

2 1 . (Currently Amended) The method of claim 1 8 further including: 
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providing respective first and second network databases associated with the 
respective first and second virtual n e twork machines routers wherein such respective first 
and second databases include one or more types of control information used to manage or 
monitor operations, selected from the group consisting of: network (layer 3) addressing, 
layer 3 connections, routing, routing protocols, route filters and policies, tunneling, 
tunneling protocols. 

22. (Currently Amended) The method of claim 1 8 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual network machines routers wherein such respective first 
and second databases include control information used to manage or monitor operations, 
selected from the group consisting of: network (layer 3) addressing, layer 3 connections, 
routing, routing protocols, route filters and policies, tunneling, tunneling protocols; 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure. 

23. (Currently Amended) The method of claim 1 8 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual network machin e s routers wherein such respective first 
and second databases include one or more types of control information used to manage or 
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monitor operations, selected from the group consisting of: network (layer 3) addressing, 
layer 3 connections, routing, routing protocols, route filters and policies, tunneling, 
tunneling protocols; 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure; 

binding the at least one second network interface to at least one first sub-interface 
data structure; and 

eliminating the binding of the at least one second network interface to the at least 
one second sub-interface data structure. 

24. (Currently Amended) A method of creating links between multiple subscriber end 
stations and multiple network domains comprising: 

providing a network device including an electronic memory encoded with 
multiple respective virtual network machin e s routers , said respective virtual n e twork 
machines routers including respective corresponding network databases which include 
respective control information,, that r e sp e ctiv e ly imparts rout e r functionality to 
corresponding resp e ctiv e virtual network machines; said respective virtual n e twork 
machin e s routers respectively each including at least one respective network interface for 
a respective network domain; 
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providing respective subscriber records in an electronic memory that 
include respective information as to network domains to which respective subscriber end 
stations of respective subscribers may access; 

providing multiple respective sub-interface data structures in the electronic 
memory respectively associated with respective subscribers; 

searching respective subscriber records to identify respective network 
domains that may be accessed by a respective subscriber end station of a respective 
subscriber; and 

creating respective binding data structures that respectively bind respective 
sub-interface data structures respectively associated with respective subscribers to 
respective network interfaces for respective network domains identified from searching 
respective subscriber records. 

25. (Original) The method of claim 24 further including: 

providing respective subscriber authentication information and respective 
subscriber authorization information in respective subscriber records; 

providing subscriber authentication and authorization services; and 
authenticating and authorizing subscriber access to respective network domains 
using respective subscriber records and the subscriber authentication and authorization 
services. 

26. (Original) The method of claim 24 wherein, 



Attorney's Docket No. 4906.P001D 



10 



App. No. 10/020,388 



the multiple respective sub-interface data structures include multiple respective 
virtual circuits. 

27. (Original) The method of claim 24 further including: 

providing in respective subscriber records multiple possible network domain 
binding options for a respective subscriber. 

28. (Original) The method of claim 24 wherein, 

information in respective subscriber records identify multiple respective possible 
network domains to which respective subscriber end stations of respective subscribers 
may be bound; and 

information in respective subscriber records provide respective criteria for 
selecting between multiple respective network domains for a respective subscriber. 

29. (Currently Amended) A subscriber management system comprising: 

a network device including an electronic memory encoded with multiple 
respective virtual network machin e s routers in the memory, said respective virtual 
n e twork machin e s routers including corresponding respective network databases which 
include respective control information that r e sp e ctiv e ly imparts rout e r functionality to 
corresponding r e sp e ctiv e virtual n e twork machin e s , said respective virtual n e twork 
machin e s routers respectively including at least one respective network interface to a 
respective network domain; 
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respective subscriber records in an electronic memory that include respective 
information as to network domains to which respective subscriber end stations of 
respective subscribers may be bound; 

multiple respective sub-interface data structures in the electronic memory 
respectively associated with respective subscribers; 

a computer program in electronic memory that searches respective subscriber 
records to identify respective network domains that may be accessed by respective 
subscriber ends stations of respective subscribers; and 

respective binding data structures that respectively bind respective sub-interface 
data structures associated with respective subscribers to respective network interfaces to 
respective network domains identified from searching respective subscriber records. 

30. (Original) The system of claim 29 wherein, 

information in respective subscriber records identify multiple respective possible 
network domains to which respective subscriber end stations of respective subscribers 
may be bound; and 

information in respective subscriber records provide respective criteria for 
selecting between multiple respective network domains for respective subscribers. 

3 1 . (New) A network device comprising: 
at least one processor; 

memory; 
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I/O; 

at least one virtual bridge in the memory, said at least one first virtual bridge 
including a first network interface; 

a first sub-interface data structure in the memory; and 

a first binding data structure in the memory which binds the first network interface 
to the first sub-interface data structure. 

32. (New) The network device of claim 3 1 wherein, 

the first network interface is a layer 2 network interface; 
the first sub-interface data structure is a layer 2 interface data structure; and 
the first binding data structure is layer 2/2 binding structure which binds the first 
layer 3 network interface to the layer 2 interface data structure. 

33. (New) An apparatus comprising: 

a single network device including, 

a set of one or more processors; 

a first physical interface, the first physical interface coupled to a network; 

and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of one or more processors to instantiate a first virtual router comprising a 
network interface and a first database, to instantiate a second virtual router comprising a 
network interface and a second database, and to bind with a data structure the first virtual 
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router network interface to the first physical interface, wherein the first virtual router 
routes packets according to the first database within a first network domain through the 
first virtual router network interface and the first physical interface, the second virtual 
router routes packets according to the second database within a second network domain. 

34. (New) The apparatus of claim 33, further comprising: 

a second physical interface, the second physical interface coupled to the network, 
wherein the set of instructions further causes the single network device to the second 
physical interface and the second virtual router routes packets through the second virtual 
router network interface and the second physical interface. 

3 5 . (New) An apparatus comprising: 
a single network device including, 

a set of one or more processors; and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of one or more processors to instantiate a first virtual router comprising a 
network interface and a first database, to instantiate a second virtual router comprising a 
network interface and a second database, and to bind with a data structure the first virtual 
router network interface to a first virtual circuit, wherein the first virtual router routes 
packets according to the first database within a first network domain through the first 
virtual router network interface and the first virtual circuit and the second virtual router 
routes packets according to the second database within a second network domain. 
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36. (New) The apparatus of claim 35, further comprising: 

a second virtual circuit, the second virtual circuit coupled to the network, wherein 
the set of instructions further causes the single network device to the second virtual 
circuit and the second virtual router routes packets through the second virtual router 
network interface and the second virtual circuit. 

37. (New) An apparatus comprising: 
a single network device including, 

a set of one or more processors; and 

a machine-readable medium having stored therein a set of instructions to 
cause the single network device to instantiate a first virtual bridge comprising a network 
interface and a first database, to instantiate a second virtual bridge comprising a network 
interface and a second database, and to bind with a data structure the first virtual bridge 
network interface to a first virtual circuit, wherein the first virtual bridge switches packets 
according to the first database within a first network domain through the first virtual 
bridge network interface and the first virtual circuit and the second virtual bridge switches 
packets according to the second database within a second network domain. 

38. (New) The apparatus of claim 37, further comprising: 

a second virtual circuit, the second virtual circuit coupled to the network, wherein 
the set of instructions further causes the single network device to the second virtual 
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circuit and the second virtual bridge switches packets through the second virtual bridge 
network interface and the second virtual circuit. 

39. (New) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a first plurality of ports to communicate packets of a plurality of 

subscriber; 

a second plurality of ports to communicate packets; and 
a machine-readable medium having stored therein a set of instructions to 
cause the set of processors to, 

instantiate a plurality of virtual network machines, wherein the 
plurality of virtual network machines are virtually independent but share a 
set of physical resources within the single network device, wherein each of 
the plurality of virtual network machines is one of a virtual router and a 
virtual bridge, and wherein each of the plurality of virtual network 
machines belong to a network domain, 

receive subscriber records associated with the plurality of 
subscribers, wherein each of the plurality of subscribers are associated 
with a virtual circuit on one of the first plurality of ports, wherein each of 
the first and second plurality of ports is associated with one or more sub- 
interfaces, and wherein each of the virtual circuits is associated with one 
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the sub-interfaces associated with the one of the first plurality of ports that 
the virtual circuit is on, and 

dynamically bind a set of one or more network interfaces of each of 
the virtual network machines to a set of one or more of the sub-interfaces, 
such that each of the virtual circuits is communicatively coupled with one 
of said plurality of virtual network machines based on the subscriber 
record of the subscriber associated with that virtual circuit and such that at 
least some of the virtual network machines are communicatively coupled 
to one of the second plurality of ports, wherein the bindings are 
represented with a plurality of data structures. 

40. (New) The apparatus of claim 39, wherein the set of instructions further causes 
the set of processors to retrieve the subscriber records from a server that runs 
authentication, authorization, and accounting protocols. 

41 . (New) The apparatus of claim 39, wherein the set of instructions further causes 
the set of processors to change the binding of one of the virtual circuits to a different one 
of said plurality of virtual network machines, wherein the binding change is based on the 
subscriber's subscriber record. 

42. (New) The apparatus of claim 41, wherein the binding change is based on time of 
day. 
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43. (New) The apparatus of claim 39, wherein the set of instruction further causes the 
set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface for a first virtual circuit associated with a first port of 
one of the first and second plurality of ports, and 

bind one of the network interfaces associated with a second of the plurality of 
virtual network machines to a sub-interface for a second virtual circuit associated with the 
first port. 

44. (New) The apparatus of claim 39, wherein the set of instruction further causes the 
set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface for a first virtual circuit associated with a first port of 
one of the first and second plurality of ports, and 

bind another one of the network interfaces associated with the first of the plurality 
of virtual network machines to a sub-interface for a second virtual circuit associated with 
the first port. 

45. (New) The apparatus of claim 39, wherein the set of instruction further causes the 
set of processors to forward, within the network domains to which the virtual network 
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machines belong, packets received over the virtual circuits communicatively coupled with 
the virtual network machines out the second plurality of ports. 

46. (New) The apparatus of claim 45, wherein the second plurality of ports is 
communicatively coupled to different ones of service providers and different virtual 
network machines have access to the different ones of the service providers. 
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